package/libgtk3: security bump to version 3.24.43

Message ID	20240717170256.787061-1-francois.perrad@gadz.org
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::330; helo=mail-wm1-x330.google.com; envelope-from=francois.perrad@gadz.org; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 0777F8108F From: Francois Perrad <francois.perrad@gadz.org> To: buildroot@busybox.net Date: Wed, 17 Jul 2024 19:02:56 +0200 Message-ID: <20240717170256.787061-1-francois.perrad@gadz.org> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gadz.org; s=google; t=1721235785; x=1721840585; darn=busybox.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=4Y9OBm/6r6AQRQ9HIpN7y24nwKsp8jC3M/5tZMnR51E=; b=XmLzFdJxTGW/fmwKDIT1556vSgU8cZ5l8tZVccdAb7mOZjQgaRH816rgnNwYRy9Ko7 tA1/7PEp3x2Mt0BikD6MbqSDu1iQF3wdBdBT55PZXUF5aDxvBN5z8R1mJVmigGrCa2EY BVJ9szzmlBBHMUalVZCWLFZKFsJgYk36PMNGoRbYusDsLnJBsv7CvahQfCXq4qmwbreY tgMreP1giffVqc3HrbmdJcyZ7+9VlaAX4d3z7dElGnXtX/mEGG2VpGS9rOoMzss+p1E8 8HrmR5LDiYmvixd/9tVeGD/JTHmMuIhzBVlJFuLlnHpG6ckm39VTQ/mWx02aetEpCQ7P 6eUw== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=gadz.org X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=gadz.org header.i=@gadz.org header.a=rsa-sha256 header.s=google header.b=XmLzFdJx Subject: [Buildroot] [PATCH] package/libgtk3: security bump to version 3.24.43 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	package/libgtk3: security bump to version 3.24.43 \| expand package/libgtk3: security bump to version 3.24.43

Message ID

20240717170256.787061-1-francois.perrad@gadz.org

State

Accepted

Headers

Received-SPF: Pass (mailfrom) identity=mailfrom;
 client-ip=2a00:1450:4864:20::330; helo=mail-wm1-x330.google.com;
 envelope-from=francois.perrad@gadz.org; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 0777F8108F
From: Francois Perrad <francois.perrad@gadz.org>
To: buildroot@busybox.net
Date: Wed, 17 Jul 2024 19:02:56 +0200
Message-ID: <20240717170256.787061-1-francois.perrad@gadz.org>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dmarc=pass (p=none dis=none)
 header.from=gadz.org
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key,
 unprotected) header.d=gadz.org header.i=@gadz.org header.a=rsa-sha256
 header.s=google header.b=XmLzFdJx
Subject: [Buildroot] [PATCH] package/libgtk3: security bump to version
 3.24.43
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

package/libgtk3: security bump to version 3.24.43 | expand

fix CVE-2024-6655 (Library injection from CWD) Signed-off-by: Francois Perrad <francois.perrad@gadz.org> --- package/libgtk3/libgtk3.hash | 4 ++-- package/libgtk3/libgtk3.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Peter Korsgaard Aug. 28, 2024, 9:10 a.m. UTC | #1

>>>>> "Francois" == Francois Perrad <francois.perrad@gadz.org> writes:

 > fix CVE-2024-6655 (Library injection from CWD)
 > Signed-off-by: Francois Perrad <francois.perrad@gadz.org>

Committed to 2024.02.x and 2024.05.x, thanks.

diff --git a/package/libgtk3/libgtk3.hash b/package/libgtk3/libgtk3.hash
index a1d8b1694..6a682a741 100644
--- a/package/libgtk3/libgtk3.hash
+++ b/package/libgtk3/libgtk3.hash
@@ -1,5 +1,5 @@ 
-# From https://download.gnome.org/sources/gtk+/3.24/gtk+-3.24.42.sha256sum
-sha256  50f89f615092d4dd01bbd759719f8bd380e5f149f6fd78a94725e2de112377e2  gtk+-3.24.42.tar.xz
+# From https://download.gnome.org/sources/gtk+/3.24/gtk+-3.24.43.sha256sum
+sha256  7e04f0648515034b806b74ae5d774d87cffb1a2a96c468cb5be476d51bf2f3c7  gtk+-3.24.43.tar.xz
 
 # Hash for license file:
 sha256  b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c  COPYING
diff --git a/package/libgtk3/libgtk3.mk b/package/libgtk3/libgtk3.mk
index 547fd194a..d6d7c64a5 100644
--- a/package/libgtk3/libgtk3.mk
+++ b/package/libgtk3/libgtk3.mk
@@ -5,7 +5,7 @@ 
 ################################################################################
 
 LIBGTK3_VERSION_MAJOR = 3.24
-LIBGTK3_VERSION = $(LIBGTK3_VERSION_MAJOR).42
+LIBGTK3_VERSION = $(LIBGTK3_VERSION_MAJOR).43
 LIBGTK3_SOURCE = gtk+-$(LIBGTK3_VERSION).tar.xz
 LIBGTK3_SITE = https://download.gnome.org/sources/gtk+/$(LIBGTK3_VERSION_MAJOR)
 LIBGTK3_LICENSE = LGPL-2.0+

package/libgtk3: security bump to version 3.24.43

Commit Message

Comments

Patch